Channel: Directory Services Forum

Removing the first Domain Controller and introducing new 2012 domain controller


My question(s) is related to removing the first domain controller (Server 2003) created.  Our Forest is at 2003 level, and includes only a single domain (2003) level.

I don't believe we are using EFS or ADAM but want to verify I tested correctly with "cipher" command.

Any other steps I need to take since it is the first domain controller? 

I did backup the private certificate even though it expired, and as stated above don't believe we use EFS.

Any gotchas I need to consider in introducing a 2012 domain controller?

Thanks


Minoo Jalal


Bare Metal Restore - Windows Server 2008 R2 - Active Directory - DNS - DHCP Server


I have an issue trying to do a BMR of our Primary Domain Controller which is running Windows Server 2008 on a VM hosted on an ESXi server.

I am trying to restore an image which was taken a year ago in a test environment. I have set up a test ESXi server on a completely different network. The reason I need to restore my 1 year old image is because something is not working right which used to when this image was taken. So to rule out that our domain controller is the problem, I am trying to do a bare metal restore of this image. I use Retrospect to back up the domain controller, taking system state snapshots. After I restore the image to the test VM I boot into DSRM. I figured out that I had to change the date and time of the DC to the date and time of the image, then I can reboot normally; otherwise I get a BSOD. However, Active Directory does not seem to be running right. Is there a proper procedure I need to follow when restoring a Primary domain controller from a 1 year old system state image?

DHCP server would not run until I removed the server and re-authorized it. I open GPO editor and I get an error "cannot find network name".

If I try to add a client machine to the domain it can't find the domain. I get an error DNS Server failure 0x0000232A RCODE_SERVER_FAILURE. I have also tried to do a full domain authoritative restore and still no luck.

Any Ideas?

Logon DC


Hi Everyone,

I have 2 DCs at the Head-office and one on Branch site. I've realized once the branch network goes down users all across, even at the Head-office, experience logon and email issues. When I run echo %LOGONSERVER% it shows the machine was authenticated by the DC @ the branch.

1. How can I set users @ Head-office to be logging on to the DCs on the LAN instead of branch DC?

2. How can I set users to be failing over automatically to the available DCs?



Meshack

Active Directory Domain Services Exception


Hello.

On several of my Domain Controllers I've started noticing a warning in the Directory Services event log.

EventID:  1173

Source: ActiveDirectory_DomainService

"Internal event:  Active Directory Domain Services has encountered the following exception and associated parameters."
Exception:
e0010004
Parameter:
0
Additional Data
Error Value:
-1603
Internal ID:
205036b

I've done a bunch of searching and I've found several references that are close, they have the same exception, parameter and error value, but nothing that has the same Internal ID of 205036b.  Does anybody know what is causing these exceptions and should I be worried?

Any help would be appreciated.

Craig

How to find Application Directory Partition Host Server ?


How to find Application Directory Partition Host Server ?

Thanks in advance.


AliahMurfy

Which Event Viewer log is specific to GPO events? and Where is this log located within Event Viewer?

How does conditional forwarder choose IP addr?


Conditional forwarder can be configured with multiple IP address for a given domain.  When that domain is resolved, how does the conditional forwarder choose one from the multiple IP addresses to forward the resolution request?  Will it try the IP address in static order or random order or something else?

When the IP address that the conditional forwarder picked is bad (e.g., the machine on that IP address is dead) how does it handle it (e.g., try the next IP address in the list as a sort of fail-over, simply fail the name resolution)?

Thanks,

Stanley

USN rollback: Ghost vs reboot


MS recommends against a Ghost-style backup/restore, but I don't understand how this is different than a server reboot of the DC.  It will be for a shorter time period, but won't the USN fall behind either way?  (Is it because the ghost-style backup is assumed to be crash-consistent only?)

Thanks,

Jaime


How to allow recursion only for specific IP range?


We have two internet facing DNS Windows 2008 servers for our domain.  How do I allow recursion for specific subnet and disable recursion globally?

The only option I see is either enable or disable recursion (which disabled forwarders).  Cannot disable, because then our internal users are unable to get to certain websites etc. 

As we have two DNS servers we thought with switch/router rules... maybe have one internet facing (disable recursion there) and the non internet facing DNS server we leave recursion enabled.  Folks that manage our switches/routers say they cannot use switch level firewall rules to do this because our domain is delegated to us and both have to be internet facing?  Switch folks suggested to enable "view" mode that has recursion enabled for specific IP range and disable recursion globally... unsure how to do this in Windows DNS.

Any suggestions to accomplish this goal...Windows Firewall settings maybe (if so how)?

Dc removal


I have a DC that is still on 2003 server. My other DCs are freshly built on 08r2. I would like to decom. the DC that is running on 03 server, then build 08r2 and make that my DC. I would need to retain the same name and IP as the 03 domain controller. Essentially I'm replacing the OS. There are a ton of devices that are referencing this DC for DNS or other purposes. Should I remove that server object after decom., or should I keep it since I will reuse this name with my 08r2 server?

DFS share slow from linux server


When Linux server mounts a CIFS share to a DFS share is very slow.  Files were copied/deleted on DFS share and when running on DFS share it takes above 30 minutes.   When using \\servername\share (link target) it takes 3 minutes.

Are there any hotfixes, or how can I troubleshoot? Because I can't see the cache on Linux via dfsutil.

Active Directory 2008 R2: Enforce Password History Does not work on domain users


Hello All,

We have a DC on Windows 2008 R2 and have tried the below to enforce password history.

1> 'Enforced' Default domain policy which has 'Enforce Password History' as '24 Password remembered'

2> Created a  new password policy with 'Enforce Password History' as '24 Password remembered'

3> Tried fine grained password policy as shown here http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

But no luck at all. I am still able to reset a domain user's password to old one using 'Active Directory Users and Computers'. I am doing it as domain administrator.

I also tried the hotfix mentioned here http://hotfixv4.microsoft.com/Windows%207/WindowsServer%202008%20R2/sp1/Fix314655/7600/free/419101_intl_x64_zip.exe

Is there something I am missing? Please help. Thanks.


/M

How could I know all domain name which exist in other one forest ?


I would like to know other forest information which we have forest trust.

How could I know all domain name which exist in other one forest ?

AD LDS application lastLogon attribute


Hello everyone,

Is there a way to know the last logon information for a certain application using AD LDS? This is so I can check if the user is still using the application (using the lastLogon attribute for that specific application). Is there a built-in attribute for AD LDS already with this functionality?

Ex. I have APP1, APP2, and APP3 using AD LDS. How can I determine the last time the user used / logon to APP1, APP2, and APP3? So I can remove those applications already.

My idea is extend the AD LDS schema to define a lastLogon and lastLogoff Attribute, then maybe have the application update that every time user connects to the application.

Is this the correct way? Or am I wrong in my idea?

Also, is there a way to use AD DS lastLogon / lastLogoff for each application? Since it is already existing?

Thank you!


How to make test environment of AD and MIIS.


From the advice here I thought a plan.

we use windows 2003AD with 2008 server and we have some forestwide trust and we use MIIS for galsync.

1. make Temp site that has not included in any sitelink object.

2. move one least used DC(target DC) to Temp site.

3. prepare laptop PC that has Hyper-V(2008 or 2012)

4. Install windows2008 server as Hyper-V guest .

5. Promote Hyper-V guest windows2008 as DC in Temp site.

6. wait replication.

7. Take windows server backup of Hyper-V guest windows 2008.

8. Demote Hyper-V guest windows 2008.

9. move target DC to original site.

10. Disconnect laptop PC from network.

11. restore Hyper-V guest windows 2008 from windows server backup.

Does this make sense?


querying computer and user objects that are extra in DC


Hi everybody,

How can I find extra user and computer objects in Active Directory? I defined plenty of OU, Users and computers, but I am sure some of them are extra. I would like to find them by dsquery or other ways.

Any help would be appreciated.

Cross site replication of DCs only happen among sites that is defined in sitelink objects ?

Cross site replication of DCs only happen among sites that is defined in sitelink objects ?

dcdiag failed test Services


I am getting the following error on all 13 of my domain controllers.

Starting test: Services

            Invalid service type: RpcSs on ********, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         ......................... ******** failed test Services

I have searched for hours and apparently I fail at technet and google so far.

Windows 2008 R2 sync to Windows 2008 RODC - Not all members of a group are synchronised


Hello,

We have a very strange problem where a Security Group seems to only be partially replicated to our RODCs. Only about a third of the members are replicated to the RODC, although if we for example make a change in the description field then this is replicated with no problem. It does not help to remove and then add the user again, while manually replicating in between the operations. New security groups seem to replicate just fine, including the members.

What can we do to get this Security Group replicated with all the members?

Many Thanks

Clive

How to fix in dns after changing RODC Server name


Hi All,

I have a case like this: one of my partners had changed one of my RODC server names manually, so I saw in my DNS records there are 2 records now, which are the new one and the old one. I had demoted this RODC successfully, but in my DNS the old record of this RODC is still there. How do I clean up this DNS configuration correctly?

Thanks and Regards

Mangapuly
